Know your customer (KYC) – a complex and fluid challenge

In the UK, Know your customer (KYC) rules fall under the jurisdiction of the Financial Conduct Authority (FCA), specifically through the 2007 Money Laundering Regulations. These regulations compel firms to ensure they have internal control and communication procedures "appropriate for the purposes of forestalling and preventing money laundering".

KYC regulations should not be taken lightly, as the rules cover relationships with customers, as well as relationships with all levels of an organisation's supply chain.

Relationships with customers are also subject to the Prevention of Corruption Act, which requires companies to make Suspicious Activity Reports in the event a customer or supplier is perceived to be engaged in or associated with corrupt activities.

The Money Laundering Regulations and the Prevention of Corruption Act place a legal duty on firms to obtain information about the identity of their customers and suppliers. For many organisations, particularly large companies, the supply chain can be long and at times intricate.

Customers and suppliers that operate in high-risk jurisdictions may pose a higher money laundering or terrorist financing risk, and due diligence policies should be enhanced as a result. At times, this may involve taking guidance from a local expert in the high-risk country to identify areas of risk inherent in local customs.

The FCA offers guidance for firms on what additional information to obtain about third parties including:

Why third parties open accounts with a company or what the reason is for establishing a business relationship

What the nature of the expected activity and its level will be in the relationship

Information about signatories to any business agreement including a third party's underlying beneficial owners

Where the money to be used to buy or sell goods or services originates

Occupation and employment details where third parties use personal bank accounts to trade

The source of wealth or income, especially when the relationship involves a private banking arrangement

The net worth of the individuals or organisations involved.

In the US, the 2001 USA Patriot Act introduced rules which made KYC mandatory for all US-based banks. These obligate banks to have robust processes in place to fully identify all of their customers.

While UK guidance is directed at any business operating in the UK, it is the banking industry that has faced significant fines globally for KYC failures. In 2012, HSBC and Standard Chartered were both fined almost $2.6 billion over money laundering allegations. HSBC, in particular, was accused of a major KYC failure by allowing itself to be used by money launderers in Central America and organisations financing terrorism in the Middle East.

More recently, Standard Bank was fined £7.6 million by the FCA after it found that the bank's processes to identify Politically Exposed Persons (PEPs) as customers were woefully inadequate.

Last year's tightening of sanctions against Russia over the annexation of Crimea and, more recently, Russia's own sanctions against Turkey over the downing of a jet on a bombing run to Syria have only served to highlight the increasing complexity of legislation governing customer and supplier relationships.

The fluid nature of international KYC regulations presents an emerging challenge for compliance professionals. Indeed, 41% cited the changing geopolitical landscape as a key challenge moving into 2016 (Risk Advisory Group Report). It is imperative that organisations implement comprehensive due diligence procedures to ensure they comply with the most up-to-date national and international KYC standards.

To protect your business and reputation you need to better understand your customers, employees and vendors. Lexis Diligence brings together all the intelligence you need in one place to conduct consistent due diligence and comply with anti-money laundering and anti-bribery regulatory requirements.